FINTRAC’s 2026 Revocation Wave: 35 MSBs Cancelled and What Every Compliance Officer Must Learn

What Just Happened: The 2026 Revocation Wave in Numbers

In the first quarter of 2026, FINTRAC revoked the registrations of 35 money services businesses in two coordinated enforcement waves: 11 entities on 6 March 2026 and 22 entities on 16 March 2026. Two further revocations in January 2026 bring the Q1 total to 35.

This is not routine administration. When FINTRAC processes this many revocations on a single date, it signals a deliberate, coordinated enforcement campaign — not the passive expiry of dormant registrations or normal administrative attrition.

The data tells a precise story:

Metric	Finding
Total Q1 2026 revocations	35
Revoked on a single date (16 Mar 2026)	22
Virtual currency among revoked entities	97% (34 of 35)
Registered in 2021	94% (33 of 35)
Revoked while registration still valid	83% (29 of 35)
Incorporated in British Columbia	49% (17 of 35)
No operational website listed	~60%

The most striking figure is the registration cohort: 94% of revoked entities registered in 2021, the majority in a narrow October–December window. That clustering is not coincidence. It is the fingerprint of a systemic enforcement target, and FINTRAC identified it with precision.

For compliance officers at Canadian MSBs and PSPs, the question is not whether FINTRAC is watching. It is whether your organisation has the documentation, the reporting history, and the compliance infrastructure to withstand the same scrutiny that brought down 35 entities in a single quarter.

The entities revoked in the 6 March 2026 wave include: FPS Global Ltd. (operating as Defexa), Cabbagino Payments Ltd., Georgia Holiday Inc. (operating as Mer2Me), Paysprint Inc., Forestwood General Trading Inc. (operating as Danesh Exchange), Connect Fintech Services Inc., Solid Cash Incorporation (operating as Cash Form), Rise Manulife Group Inc., Bitcanex Investments Ltd., Bitnebula Limited, and OU Neuronext (a foreign MSB registered in Estonia).

The 16 March 2026 wave includes: Mask Global Market Co., Melon Technologies Limited (operating as MelonPay), Forkis Union Limited, Finast S.R.O. (operating as Britto — a Slovak foreign MSB), Target Pay Inc., Spectral Payments Inc., E-Cloudzone Technologies, Coinup Global Limited, Grembis Limited (operating as Grembis Pay), Commerce Plex Ltd. (a UK-incorporated foreign MSB), VirgoX Direct Inc., Minos Markets Limited, Magnetron Payments Ltd., HAXR Finance Ltd., Chainme Canada Inc. (operating as Coinme), PSTNET Finance Corp., Money Link Ltd., Gleec Pay Ltd., Omnipay Inc., Xward Pay Inc., A22 Industry Ltd., and Tempus Coin Ltd.

How FINTRAC Can Revoke a Registration: The Legal Framework

Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated regulations, FINTRAC has clear statutory authority to cancel an MSB registration. The grounds on which FINTRAC may refuse to register — or may revoke an existing registration — are:

• Not eligible for registration — the broadest and most consequential ground, covering any failure to maintain the requirements for registered MSB status under the PCMLTFA and its regulations
• Failure to answer a clarification request within 30 days — a hard, non-extendable deadline
• Failure to respond in a timely manner to FINTRAC information demands — including examination requests, compliance questionnaires, and assessment notices
• Failure to notify FINTRAC of changes to operating information — including changes to legal name, address, services offered, key persons, and ownership structure
• Failure to provide assistance to FINTRAC — including during on-site or desk-based compliance examinations

A point that many compliance officers underestimate: FINTRAC does not need to prove criminal activity or money laundering to revoke a registration. It needs only to establish that the registrant has failed to maintain eligibility or has not cooperated with the Centre’s oversight functions. The proceeding is administrative, not criminal, and the evidentiary threshold is correspondingly lower.

The “not eligible for registration” ground is where the majority of enforcement actions are grounded. Critically, eligibility is not a one-time determination made at the point of application. It is a continuous obligation. An MSB that registers with a compliant programme and then allows that programme to deteriorate — or that registers as a virtual currency dealer without subsequently updating its programme to reflect the enhanced post-2022 obligations — has become ineligible, even if it is technically still within its two-year registration validity window.

This is precisely the mechanism that explains why 83% of the 2026 revocations were applied against entities whose registrations had not yet expired. FINTRAC exercised affirmative revocation against businesses it determined were no longer eligible, rather than waiting for their registrations to lapse. For a comprehensive overview of what FINTRAC’s AML requirements actually entail for registered entities, the FINTRAC AML requirements guide provides an authoritative reference.

Pattern Analysis: What the Data Reveals

Analysing FINTRAC’s public MSB registration database against the 35 revoked entities in Q1 2026, a remarkably consistent profile emerges. Understanding this profile is essential for compliance officers assessing their own organisation’s risk exposure.

The 2021 Cohort Problem

Of the 35 revoked entities, 33 registered in 2021 — almost all in the final quarter of that year. This is the single most significant pattern in the dataset.

The year 2021 was the year virtual currency dealers were fully brought within the PCMLTFA framework, and for many operators it served as a prompt to register. However, the enhanced VC obligations — including the travel rule, enhanced STR fields for crypto transactions, and large virtual currency transaction reporting — came into force in June 2022. Many entities that registered in late 2021 did so under the initial VC framework and were then required to operate under a substantially more demanding set of obligations from mid-2022 onwards. Those that failed to update their compliance programmes, appoint qualified compliance officers, or demonstrate ongoing regulatory engagement effectively became structurally non-compliant from that point forward.

FINTRAC’s 2026 enforcement campaign represents, in material part, the systematic clearing of registrants that registered under the initial VC dealer framework and never transitioned to meet the post-June 2022 requirements.

Service Profile of Revoked Entities

The service breakdown across the 35 revoked entities reveals a consistent pattern of broad-scope registration:

Service	Count	% of revoked
Virtual currency dealing	34	97%
Money transferring	34	97%
Foreign exchange	31	89%
Payment service provider (PSP)	8	23%
Crowdfunding	2	6%

Nearly every revoked entity registered for all three core services simultaneously — FX, money transfer, and virtual currency. This broad-scope registration profile is in itself a compliance risk indicator. Legitimate, specialised operators tend to register for the specific services they actually provide. An entity registering for five or six service categories simultaneously, without the operational infrastructure to support any of them, is registering for optionality rather than for a genuine, defined business purpose.

Geographic Concentration

British Columbia accounts for 49% (17 of 35) of the revoked entities, with federal incorporations representing a further 34% (12). Ontario and Alberta appear minimally. Three entities are registered outside Canada — in Slovakia, Spain/Estonia, and the UK — operating as foreign MSBs under FINTRAC’s fMSB framework.

The BC concentration is not incidental. Vancouver has been identified in multiple FINTRAC typologies publications as a centre of layering activity and professional money laundering networks. BC’s corporate registry has historically enabled rapid, low-cost incorporation. The combination of accessible incorporation and FINTRAC’s federal self-registration system created a pathway that was exploited systematically by entities seeking registration without the intent or infrastructure to operate compliantly.

Website Presence as a Compliance Indicator

Approximately 60% of the 35 revoked entities listed no operational website. This matters on two levels. First, an MSB with no customer-facing infrastructure almost certainly has no meaningful transaction volume — and zero or near-zero transaction volume combined with zero FINTRAC reports filed is an anomaly that FINTRAC’s financial intelligence analytics will flag for examination. Second, for remote-first businesses, a website is primary evidence of genuine operations. Its absence, combined with a virtual or shared office address, creates an evidentiary gap that is difficult to bridge during a compliance examination.

It is important to state clearly that the absence of a physical Canadian office is not a compliance deficiency in itself. Many legitimate fintech businesses operate entirely remotely, and PCMLTFA does not require a physical office. What matters is whether your compliance programme exists, functions, and produces the documentation and reports FINTRAC expects to see. The risk profile shifts when the absence of a physical office is combined with no website, no identifiable compliance function, and no transaction reporting — that combination describes a non-operational entity, not a legitimately operating remote business.

The Five Inferred Revocation Triggers

FINTRAC does not publish individualised revocation reasons on its public register. The statutory grounds are categorical. Based on the data patterns, the following triggers can be inferred with reasonable analytical confidence for the 2026 cohort.

Trigger 1: Non-Eligibility Due to Absent or Deficient Compliance Programme

This is the primary inferred ground for the majority of the 2026 revocations. An MSB is eligible for registration only if it maintains a compliance programme that meets PCMLTFA regulatory requirements. Those requirements include:

• A designated compliance officer with appropriate seniority and operational independence
• A written compliance policies and procedures manual, reviewed and updated on a risk basis
• A documented risk assessment covering the entity’s business model, products, customers, geographic exposure, and delivery channels
• An ongoing compliance training programme covering all relevant staff and agents
• An independent effectiveness review of the compliance programme, conducted at minimum every two years

An entity that registered in 2021 and has never produced any of these documents — or that produced them at registration and has not updated them since the June 2022 amendments — is not eligible for registration, regardless of what its FINTRAC certificate states. The 2022 VC enhancements added further mandatory components: travel rule compliance for virtual currency transfers of CAD 1,000 or more, enhanced STR reporting fields specific to crypto transactions, beneficial ownership verification to the ultimate natural person for corporate VC clients, and large virtual currency transaction reporting for amounts equivalent to CAD 10,000 or more. Any VC-registered MSB that has not incorporated these obligations into its compliance programme is non-compliant in a structural, not marginal, way.

Trigger 2: Non-Response to FINTRAC Clarification Requests

FINTRAC has authority to request information or documentation from registered entities, with a 30-day response deadline. This is a hard limit. For entities operating without dedicated compliance staff or with principals based outside Canada, responding to a FINTRAC information demand within 30 calendar days requires an organised, staffed compliance function. Entities without one cannot respond in time — and non-response is an independent revocation ground, separate from and in addition to any underlying compliance programme deficiency.

The coordinated timing of the March 2026 revocations is analytically significant here. The 10-day gap between the 6 March and 16 March waves, and the large batch sizes on both dates, is consistent with FINTRAC having issued a coordinated batch of information demands in late 2025, with a standard 30-day response deadline expiring in early 2026, followed by a further administrative period and then the March revocation actions. This is consistent with FINTRAC’s documented practice of issuing compliance questionnaires to cohorts of similarly profiled registrants identified through financial intelligence analytics.

Trigger 3: Failure to Notify FINTRAC of Registration Changes

Under PCMLTFA, registrants are required to update their registration information whenever a material change occurs — to legal name, operating name, services, key persons, address, or ownership. FINTRAC’s guidance makes clear this should be done promptly, treating updates as a continuous obligation. Several revoked entities in the 2026 cohort show data inconsistencies that suggest registration information was never updated after the initial filing. ALTFX LIMITED, for instance, is listed as a Federal (Canada) incorporation with an Ontario address but has “China” recorded as its country — an inconsistency indicating the registration was either filed incorrectly or has never been maintained. Outdated or inaccurate registration data is a direct compliance breach and will be identified immediately in any examination.

Trigger 4: Failure to File Required Reports

FINTRAC collects financial intelligence through mandatory reporting: Large Cash Transaction Reports (LCTRs), Electronic Funds Transfer Reports (EFTRs), Suspicious Transaction Reports (STRs), Large Virtual Currency Transaction Reports (LVCTRs), and others. Based on the non-operational profile of the majority of revoked entities — inferred from the absence of customer-facing infrastructure and the registration-without-operations pattern — it is reasonable to conclude that transaction reporting for much of this cohort was zero or near-zero. An MSB registered for money transferring and virtual currency services that files no EFTRs or LVCTRs over multiple years is either not operating (a dormant registrant) or is operating and not reporting. Both scenarios are enforcement triggers. FINTRAC’s analytics systems are specifically designed to detect implausible reporting patterns, including entities whose filing volumes are inconsistent with their registered service scope.

Trigger 5: Shell Entity and Bulk Registration Abuse

For a subset of the 2026 revocations — and more visibly in the historical revocation data from 2021 to 2024 — the most plausible explanation is that these entities were registered not to operate genuine MSB businesses, but to obtain a FINTRAC registration number for other purposes. A FINTRAC registration number confers apparent regulatory legitimacy and can be used to open bank accounts, enter correspondent relationships, and represent to counterparties that the entity is a registered, supervised financial institution. Registration abuse — obtaining a FINTRAC certificate without the intention or infrastructure to maintain a compliant programme — is a recognised money laundering typology. FINTRAC has been addressing it systematically since the 2022 enhanced registration scrutiny framework was implemented, and the 2026 revocation campaign is the most concentrated enforcement output of that initiative to date.

The Virtual Currency Problem: Why 97% of Revoked Entities Offered VC Services

The near-total virtual currency concentration in the 2026 revocation cohort is the most analytically significant finding in the dataset, and it demands focused attention from any compliance officer whose MSB or PSP has a crypto or digital asset component.

Virtual currency dealing was formally brought within PCMLTFA’s scope in June 2021, requiring all VC dealers to register with FINTRAC. The enhanced obligations for registered VC dealers came into force in June 2022, significantly raising the compliance bar. The key additions were:

• Travel rule obligations: For virtual currency transfers equivalent to CAD 1,000 or more, the sending entity must obtain and transmit beneficiary information to the receiving entity, and vice versa. This requires either a technical travel rule solution integrated into transaction processing, or robust documented manual procedures — it cannot be satisfied by a generic AML policy document.
• Large Virtual Currency Transaction Reports (LVCTRs): VC transactions equivalent to CAD 10,000 or more must be reported to FINTRAC within prescribed timeframes using required LVCTR fields, including wallet addresses and transaction identifiers not required in standard LCTRs.
• Enhanced STR fields for crypto: Suspicious transaction reports involving virtual currency must include crypto-specific fields — wallet addresses, transaction hashes, and blockchain network identifiers — beyond the standard STR fields required for traditional financial products.
• Beneficial ownership verification: VC dealers must verify and record the beneficial ownership of corporate and entity clients through to the ultimate natural person, with documentation retained for five years from the date of the last business transaction.

An MSB that registered as a virtual currency dealer in October–December 2021 and that has not updated its compliance programme, technology infrastructure, or staff training to reflect the June 2022 changes, is operating outside the current regulatory framework in a material and structural way. Not marginally non-compliant — fundamentally non-compliant in ways that FINTRAC’s examination process will expose immediately.

The evolution of money laundering through virtual assets has made VC dealer compliance one of the most technically demanding areas of the PCMLTFA regime. Staying current requires not just updated policies, but updated technology, updated training, and an understanding of how the key AML trends shaping regulatory compliance are driving examination priorities at FINTRAC and peer regulators globally. For a comprehensive overview of VASP compliance obligations across jurisdictions, see the ComplyFactor guide to global VASP AML/CTF compliance.

For compliance officers at MSBs and PSPs with VC or crypto asset components: the key question is not whether you have a FINTRAC VC registration. It is whether your compliance programme, as it exists today, fully reflects the post-June 2022 obligation set. If your AML policies were written in 2021 and have not been substantively revised since, the answer to that question is almost certainly no.

The 422 Richards Street Cluster: A Case Study in Bulk Registration Risk

A recurring address in the 2026 revocation data — and in FINTRAC’s historical revocation records going back to the 2021 and 2022 enforcement waves — is 422 Richards Street, Vancouver, British Columbia. This is a commercial registered agent and virtual office provider. Multiple entities in the 2026 revocation cohort list this address: XWARD PAY INC, A22 INDUSTRY LTD, GLEEC PAY LTD, OMNIPAY INC., and PSTNET FINANCE CORP., among others. The same address appeared in FINTRAC’s November 2022 enforcement wave, which revoked MTRO PAY HOLDINGS, ONRAMP TECHNOLOGIES, DMZ FINANCIAL, PARAPAY HOLDINGS, and QP SOLUTIONS CANADA — all at 422 Richards Street.

The use of a virtual or shared registered agent address is not prohibited under PCMLTFA. Many legitimately operating fintech businesses use virtual office providers, particularly in early stages, and many operate with no physical Canadian office at all. What creates the enforcement risk is the specific combination of indicators that cluster around this address across successive revocation cycles:

• Multiple entities at the same address with identical or near-identical service profiles
• Registration dates clustered within the same narrow time window
• No operational websites or customer-facing infrastructure
• No identifiable compliance officers linked to the registrations
• Transaction reporting volumes inconsistent with the service profiles claimed at registration

When FINTRAC observes this pattern across multiple registrants at a single address across multiple registration cohorts, it applies an elevated scrutiny multiplier to every entity at that location. An MSB whose registered address is associated with a historical revocation cluster is not automatically non-compliant — but it will face harder questions during any compliance examination, and the compliance programme documentation needs to be correspondingly stronger to offset the elevated risk signal.

If your MSB currently uses 422 Richards Street, Vancouver — or any similar shared registered agent address that appears in FINTRAC’s historical revocation data — the practical action is this: conduct an immediate review of your compliance programme documentation, verify that your transaction reporting history is consistent with your registered service profile, ensure your compliance officer and all operating information are current on the FINTRAC register, and consider engaging an external AML adviser to conduct an independent review before FINTRAC initiates contact. Proactive remediation is always preferable to a reactive response to a FINTRAC information demand with a 30-day deadline.

Profile of a Revoked Entity: What the Data Tells Us

Assembling the data points across the 35 revoked entities, a consistent composite emerges. The archetypal 2026 revoked MSB:

• Registered: October–December 2021, under the initial VC dealer registration framework
• Services: Foreign exchange + money transferring + virtual currency, all three registered simultaneously and broadly
• Address: Commercial registered agent or virtual office in Vancouver (BC), Markham or Toronto (Ontario)
• Website: Not available, not operational, or a placeholder with no active product
• Compliance officer: Not publicly identifiable or not updated on the FINTRAC register
• Transaction reporting: Zero or near-zero FINTRAC reports filed relative to stated service capacity (inferred from non-operational profile)
• Incorporation: BC provincial or Federal (Canada), incorporated weeks before or concurrent with the FINTRAC registration application
• Foreign entity exposure: In three cases, the underlying corporate entity is incorporated outside Canada — Slovakia (Finast S.R.O. / Britto), UK (Commerce Plex Ltd.), and Estonia/Spain (HAXR Finance Ltd.) — with nominal Canadian registered addresses

This profile is the inverse of what FINTRAC expects from a compliant, operating MSB. A legitimately operating business has a functioning website, identifiable products and customers, a named and current compliance officer on its FINTRAC registration, transaction volumes and a reporting history consistent with its stated business model, and a compliance programme that has been updated, tested, and independently reviewed.

The gap between these two profiles is exactly where revocation risk lives — and it is a gap that legitimately operating MSBs with compliance programme deficiencies can close proactively, before FINTRAC identifies it for them.

What Legitimately Operating MSBs Must Do Differently

The 2026 enforcement wave is directed primarily at non-operational registrants and structurally deficient compliance programmes. But its implications extend directly to legitimately operating MSBs and PSPs that may carry their own compliance gaps. Here is the specific action agenda.

Conduct a Compliance Programme Gap Assessment Now

If your compliance programme was written in 2021 or earlier and has not been formally reviewed since, it is almost certainly deficient relative to current PCMLTFA obligations — particularly for any VC-related activities. A structured gap assessment benchmarked against the current regulatory requirements will identify those deficiencies before FINTRAC does, and allow you to remediate them on your own timeline rather than FINTRAC’s. ComplyFactor’s FINTRAC MSB AML audit and independent effectiveness review service provides exactly this assessment.

Update Your Virtual Currency Compliance Controls

If your MSB provides any virtual currency services, your compliance programme must incorporate travel rule procedures, LVCTR reporting processes, VC-specific STR fields, and beneficial ownership verification to the ultimate natural person for corporate VC clients. These are mandatory eligibility requirements, not optional enhancements. A VC AML programme that does not address all four of these components is non-compliant. Our AML compliance programme development service covers all PCMLTFA VC dealer requirements comprehensively.

Verify Your FINTRAC Registration Information is Fully Current

Log into FINTRAC’s MSB self-serve portal and verify that every field on your registration is accurate and current: legal name, operating name(s), business address, services offered, compliance officer details, and ownership information. Any material change must be updated on the register promptly when it occurs. Outdated registration data is both a direct revocation ground and an immediate red flag during any compliance examination.

Establish a FINTRAC Response Protocol

If FINTRAC sends your organisation a clarification request or information demand, you have 30 days to respond with complete and accurate documentation. If you do not have a designated, named person responsible for FINTRAC correspondence, an established internal protocol for responding to regulatory enquiries, and documentation readily accessible and producible, you risk defaulting on that deadline — and defaulting is itself a revocation ground. Designate a primary and backup point of contact, document the response protocol in your compliance programme, and test it before you need it.

Complete Your Independent Effectiveness Review

PCMLTFA regulations require MSBs to have their compliance programme independently reviewed at minimum every two years. This review must be conducted by someone independent of the compliance function — an external adviser or auditor, not internal staff. The findings must be reported to senior management and formally documented. If you have not had an independent effectiveness review in the past two years, you are non-compliant with this specific and auditable obligation. ComplyFactor’s FINTRAC MSB audit service satisfies this regulatory requirement.

Maintain Organised, Producible Records

FINTRAC examinations are documentation reviews. Every PCMLTFA obligation has a corresponding record-keeping requirement: transaction records, client identification records, beneficial ownership records, training records, risk assessment documentation, compliance programme review reports, and records of all reports filed. The question to ask is not whether your records exist — it is whether you could produce them all, organised and coherent, within 10 business days of a FINTRAC examination notice.

Treat Your Renewal as a Compliance Examination

FINTRAC’s two-year MSB registration renewal process is increasingly a substantive compliance checkpoint, not a paperwork formality. Renewals that trigger anomaly flags — incomplete information, missing compliance officer details, inconsistent service profile changes — are being escalated to enhanced review. See FINTRAC MSB renewal requirements for a current guide to the renewal process and what compliance officers need to prepare.

The Broader Enforcement Trend: Where FINTRAC Is Heading

The 2026 revocation wave does not exist in isolation. It is one data point in a consistent and escalating enforcement trajectory that compliance officers need to understand structurally, not just as a one-off event.

Canada’s 2025 National Risk Assessment for money laundering and terrorist financing identified MSBs — and VC dealers specifically — as among the highest-risk sectors in the Canadian financial system. FINTRAC’s examination priorities follow risk assessments, and those assessments have consistently pointed to the same cohort that dominates the 2026 revocation data.

The historic CAD 176 million FINTRAC penalty — the largest ever issued under PCMLTFA — demonstrated that FINTRAC is willing to use its full enforcement toolkit without restraint. While that penalty targeted a Schedule I bank, the compliance failures it identified — inadequate transaction monitoring, insufficient STR filing, deficient AML programme governance — are equally applicable to MSB compliance programmes. The enforcement standard is not lower for smaller entities; it is calibrated to the size and risk profile of the business, but the obligation to maintain an effective programme applies universally.

Several specific trends will define the FINTRAC enforcement landscape for MSBs and PSPs over the next 24 months.

Enhanced VC examination intensity will continue. The 2022 amendments created a wave of new VC registrants who have now been operating for three to four years under the enhanced framework. FINTRAC’s examination cycles are reaching this cohort systematically. MSBs with VC components that have not conducted a post-June 2022 compliance programme review should treat this as their most urgent immediate priority. See also the ComplyFactor MSB AML audit requirements guide for what FINTRAC examiners are specifically assessing.

Correspondent banking scrutiny will intensify. Canadian banks and payment processors conduct their own KYB reviews of MSB counterparties, informed in part by FINTRAC’s public revocation register. An MSB whose registration is revoked will typically lose its banking relationships within weeks — the consequences of revocation extend well beyond the loss of the registration itself. This creates a secondary enforcement mechanism: banks are cross-referencing the revocation register as part of MSB onboarding and periodic review processes. For guidance on securing and maintaining Canadian banking relationships, see banking for Canadian MSBs and PSPs.

Foreign MSB scrutiny will grow. Three of the 35 revoked entities in 2026 are foreign MSBs — entities incorporated outside Canada that direct services at Canadian residents. FINTRAC’s willingness to revoke fMSB registrations signals increased scrutiny of the foreign MSB framework, partly driven by FATF’s 2026 oVASP risk initiative on offshore VASPs attempting to access regulated markets through lightweight registration pathways.

RPAA oversight will create parallel compliance pressure. Eight of the 35 revoked entities also held PSP registrations under the Retail Payment Activities Act. As the Bank of Canada’s RPAA supervision matures, PSPs face an additional compliance layer sitting alongside their FINTRAC obligations. For a comprehensive overview of PSP requirements, see the RPAA compliance guide for Canadian PSPs and the Canada PSP and MSB regulatory framework overview.

The AML audit cycle for MSBs is accelerating. FINTRAC is reducing the interval between compliance examinations for higher-risk segments. MSBs that have been examined, found to have deficiencies, and issued compliance action plans are being re-examined on accelerated 12-to-18-month cycles rather than the standard two-to-three year interval. For MSBs in that position, the window to remediate is shorter than it has ever been.

For MSBs and PSPs navigating this environment, ComplyFactor’s global MLRO services and AML advisory services provide the regulatory intelligence and compliance infrastructure to maintain continuous readiness rather than reacting after FINTRAC has initiated contact.

Frequently Asked Questions

What are the most common grounds on which FINTRAC revokes an MSB registration?

The statutory grounds are: not eligible for registration, failure to answer a clarification request within 30 days, failure to respond to information demands, failure to notify FINTRAC of changes to operating information, and failure to assist FINTRAC. Based on the 2026 revocation data, non-eligibility — driven by absent or deficient compliance programmes — is the most prevalent inferred ground, typically compounded by non-response to FINTRAC information demands.

Can an MSB re-register after revocation?

There is no absolute bar on re-registration following revocation, but FINTRAC may refuse a new application if the circumstances that led to revocation have not been remedied. A previously revoked entity will face significantly heightened scrutiny and must demonstrate that all compliance deficiencies have been fully addressed. Re-registration following revocation also creates a disclosed enforcement history that will affect banking and correspondent relationships — financial institutions conducting KYB will identify it.

Does operating remotely, without a physical Canadian office, increase revocation risk?

Not inherently. FINTRAC’s concern is with the compliance programme, not the office location. A remote-first MSB with a robust, documented compliance programme, a qualified compliance officer, and a consistent reporting history is not at elevated risk simply because it operates without a physical office. What creates risk is the combination of no physical presence, no website, no identifiable compliance function, and no transaction reporting — that combination describes a non-operational entity, not a legitimately operating remote business.

How often does PCMLTFA require an MSB to review its compliance programme?

The regulations require an independent review of the compliance programme on a risk basis, at minimum every two years. For MSBs in higher-risk segments — including virtual currency dealing, cross-border transfers, and high-volume foreign exchange — an annual independent review is prudent and increasingly what FINTRAC examiners expect to see documented.

What should an MSB do if it receives a FINTRAC information demand?

Respond within the stated deadline — typically 30 days — with complete, accurate, and well-organised documentation. Assign a named internal point of contact to manage the response, document your process, and retain copies of all correspondence. If the demand relates to a potential compliance deficiency, consider engaging an external AML adviser to assist with the response and to conduct a parallel internal review. Non-response or materially incomplete response is itself a revocation ground. ComplyFactor’s AML advisory services include regulatory correspondence support.

How does FINTRAC revocation affect banking relationships?

Banks and payment processors conducting KYB reviews on MSB counterparties routinely check FINTRAC’s public registration database, including the revocation register. A revoked MSB will typically have its accounts closed within weeks of the revocation appearing on the register, regardless of whether the MSB disputes the revocation. This is one of the most severe practical consequences and underscores the importance of proactive compliance maintenance rather than waiting for FINTRAC to act.

What is the difference between expiry and revocation on FINTRAC’s register?

Expiry is the natural end of the two-year registration period where the entity chose not to renew. Revocation is an affirmative enforcement action by FINTRAC, taken because the registrant failed to maintain its obligations. Expiry is administratively neutral. Revocation is an adverse enforcement record that carries material weight in subsequent regulatory, banking, and counterparty due diligence assessments. The two are not equivalent and should not be treated as such.

What should MSBs and PSPs also registered under RPAA be aware of?

RPAA adds a layer of Bank of Canada oversight on top of FINTRAC obligations. PSPs that fail to meet FINTRAC requirements are typically also failing to meet the operational and risk management standards expected under RPAA. The two regimes are complementary, and a compliance failure in one will ordinarily reflect a systemic issue relevant to both. See the RPAA compliance guide and the comprehensive guide to RPAA and Bank of Canada requirements for a detailed breakdown of dual-framework obligations.